Bug 1559537 - systemd eBPF filter not working
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: 28
Hardware: armv7hl
OS: Unspecified
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-03-22 17:56 UTC by Alessio
Modified: 2018-03-22 17:56 UTC (History)
Type: Bug
Description Alessio 2018-03-22 17:56:36 UTC
I was following this test case: http://fedoraproject.org/wiki/User:Jjelen/Draft/Testcase_OpenSSH_eBPF

In a nutshell, putting

  [Service]
  IPAddressDeny=localhost

in /etc/systemd/system/sshd.service.d/filter.conf doesn't have any effect (after systemctl daemon-reload and restarting sshd).
I'm still able to ssh on localhost.

The same steps performed on an x86_64 host are working as expected.

Fedora-Minimal-armhfp-28 on a Raspberry Pi 3

kernel 4.16.0-0.rc6.git0.2.fc28.armv7hl

# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/sshd.service.d
           └─filter.conf
   Active: active (running) since Thu 2018-03-22 18:37:38 CET; 12min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1512 (sshd)
    Tasks: 1 (limit: 2138)
   Memory: 1.9M
   CGroup: /system.slice/sshd.service
           └─1512 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@>

Mar 22 18:37:38 localhost systemd[1]: Starting OpenSSH server daemon...
Mar 22 18:37:38 localhost sshd[1512]: Server listening on 0.0.0.0 port 22.
Mar 22 18:37:38 localhost sshd[1512]: Server listening on :: port 22.
Mar 22 18:37:38 localhost systemd[1]: Started OpenSSH server daemon.

As far as I can see, /etc/systemd/system/sshd.service.d/filter.conf is taken into account, since if I put a wrong parameter, systemctl status complains about it.

Is it expected that eBPF filtering doesn't work on arm?
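
A prerequisite check for the setting discussed above, as an added example that is not part of the original report and does not establish the cause of this bug. systemd enforces IPAddressDeny= with eBPF programs attached to the unit's cgroup, which needs a kernel built with CONFIG_BPF_SYSCALL and CONFIG_CGROUP_BPF and a mounted cgroup2 hierarchy. The function names are hypothetical, and the file paths in the closing comment are the usual Fedora locations.

```shell
#!/bin/sh
# Added example: prerequisite check for systemd IPAddressDeny=/IPAddressAllow=.
# Function names are hypothetical. Inputs are file paths so the check can
# also run against files copied from another host.

# kconfig_enabled FILE OPTION -> 0 if OPTION=y appears in kernel config FILE
kconfig_enabled() {
    grep -q "^$2=y\$" "$1" 2>/dev/null
}

# cgroup2_mounted MOUNTS -> 0 if a cgroup2 filesystem is listed (unified or
# hybrid hierarchy); field 3 of /proc/mounts is the filesystem type
cgroup2_mounted() {
    awk '$3 == "cgroup2" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# ip_filter_prereqs KCONFIG MOUNTS -> prints each missing prerequisite and
# returns 0 only when nothing is missing
ip_filter_prereqs() {
    missing=0
    for opt in CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF; do
        if ! kconfig_enabled "$1" "$opt"; then
            echo "missing: $opt=y in $1"
            missing=1
        fi
    done
    if ! cgroup2_mounted "$2"; then
        echo "missing: cgroup2 mount in $2"
        missing=1
    fi
    return "$missing"
}

# On a live host:
#   ip_filter_prereqs "/boot/config-$(uname -r)" /proc/mounts
#   systemctl show -p IPAddressDeny sshd.service   # confirms the drop-in was parsed
```

A clean result only shows that the kernel and cgroup setup can support the filter; whether it is enforced still has to be confirmed by a connection attempt, as in the report.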

